There weren't a lot of Y2K problems to go around on One, One, Uh-oh.
Most ISPs experienced no problems
[1].
A large number of Web pages displayed the wrong date
[2],
mostly due to a subtle nest of JavaScript
version and implementation problems. The most serious glitch
that I've seen reported was the three-day disruption -- some said
near-blindness -- of all US reconnaissance satellites
[3],
[4].
This went unreported for 9 days after the fact, so it's possible the bad
guys never knew.

As early as 4 January, ignorant people began questioning whether the
spending to avert a Y2K disaster had been a waste
[5]. I refer them
to my first published words on the subject, from TBTF for 1998-04-20
[6]:

What's going to happen to the world's computers -- and to the
world -- after December 31, 1999? No one knows. In the 21st
century we will all conveniently forget this fact, and will
assume that the consequences should have been obvious,
whatever they turn out to be.

A number of you wrote asking whether you had missed an issue of TBTF
(and thousands more assuredly wondered). No, the newsletter simply
took a longer-than planned hiatus. I've been posting to the TBTF Log
almost daily and mailing the collected Log items weekly to subscribers
on a new mailing list, tbtf-log@tbtf.com (see Notes
at the bottom of this issue, or subscribe
here).

Allow me to note in passing a few of the recent developments you
might expect to have read about in TBTF.

AOL announced its intention to merge with Time Warner. If I read one
more piece about this development I shall squit a squatter. Oh, you
too, eh?

Silicon Valley firm Transmeta emerged from its five-year silence
to reveal its product direction: soft silicon. You may be amused to
read the TBTF Log for the week of 2000-01-16 [7], when the company
took the wraps off. For best results read from the bottom up.

Hedwig Kiesler, inventor of spread spectrum, died. Moviegoers knew
her as Hedy Lamarr. Her story [8] is one of the strangest and most
touching in the history of technology in the last century. When she
died the son of her co-inventor George Antheil posted a
reminiscence on Slashdot [9].

And the US Commerce Department released its new, looser regulations
on the export of cryptography. Let's spend a little time on that one.

Here's the Commerce Department's press release [10], the regulations
themselves [11] (84K), and an analysis [12] by the EFF, EPIC, and ACLU
of the constitutional defects still embodied in the new rules.

One welcome relaxation is that Open Source crypto is freely
exportable to all but seven designated terrorist countries (the "T-7").
Posting code on a Web site for anonymous download is allowed, and
the poster is not required to check that downloaders might be from
one of the T-7. Exporters must to send the Department of Commerce a
copy of the code, or a URL, upon publication.

Kerberos[13]
and PGP[14]
were quickly posted to the Net, as these
copies of the required Commerce Department notifications attest.

At the RSA security conference in San Jose last month, the company
hastily organized a "PGP export ceremony." Two US members of
Congress who have fought to relax crypto export regulations took the
stage with Phil Zimmermann, author of PGP. Here's what happened
next, from an account by Cabe Franklin <cabe dot franklin at pnicg
dot com>:

Phil had asked if he could finally grant permission to the
Congressmen to export PGP. The crowd got a kick out of this,
and the mood was high. Without further ado, Goodlatte and
Lofgren took their positions at the computer (the monitor was
linked to a giant projection screen so the crowd could see
what was going on) -- Lofgren attached the PGP executable,
addressed it [to a Ministry of Defense official in the UK],
typed a note saying "this is the first export of PGP software,
from U.S. Congressman Bob Goodlatte and Congresswoman Zoe
Lofgren, sent 1/18/2000" and clicked Send, and it was done. Wild
applause.

Public concern about the loss of privacy online has intensified with
each new revelation of a corporation or Web site playing loose with
customers' personal data. Over the last few months the issue has
grown hot enough to have bubbled up into the US President's State of
the Union address
[15].
(The topic gets one paragraph about 90% of
the way through the long speech; search for "privacy" in
[15].)
Privacy advocates (and I count myself one) may be forgiven for
disappointment that the President only desires to prevent misuse of
medical records, bank and credit card statements, and genetic
information. It's a start.

DoubleClick has insisted since 1996 that, while it tracks 100
million Internet users' browsing and buying habits across 11,500 Web
sites, it does not identify users personally. But last June the
company purchased Abacus Direct Corp., a direct-marketing services
company with a database of names, addresses, phone numbers, and
catalog purchasing habits of 90% of American households.

Cue the loud bassoon.

On 31 January Will Rodger of USA Today broke the news [16] that since
December, at the latest, DoubleClick has been merging its anonymous,
cookie-borne, unique-user-ID data with the personal data from
Abacus. DoubleClick's move moved Lauren Weinstein, the ever-dependable
voice of reason on privacy issues, to flights of prose and heights
of alarm that have rarely been seen on the PRIVACY Forum [17].

In a massively lame attempt at damage control, DoubleClick asked
Slashdot [18] to take down a link to the USA Today story. The story's
poster, Hemos, refused.

Three days later a California woman sued DoubleClick for illegally
collecting and selling consumers' personal information [19]. Her
lawyer said she wants to represent the California general public in
the suit.

DoubleClick replies, in effect, "What's the big deal? We let
customers opt out of the tracking." How very generous. The instructions
[20] for opting out will make your eyes cross. Be easy on yourself:
edit your cookie file and delete all but one of the cookies for
.doubleclick.net. Replace that one with:

.doubleclick.net TRUE / FALSE 1920499172 id OPT_OUT

Be sure to use a single tab, not spaces, for each whitespace in this
line.

Or do like I do [21]: before you start your browser -- every time --
overwrite its cookie file with one containing only the innocuous
and helpful cookies you want.

In a considerably more complicated case, a Texas company called
Universal Image has taken Yahoo to court [22] to test the legal theory
that, under Texas law, using cookies to track visitors constitutes
electronic stalking and eavesdropping. Universal Image has a
long-standing beef with broadcast.com, which Yahoo inherited when it
bought the streaming-media company last year. Universal might be
accused of jumping on the privacy bandwagon to aid their ongoing
legal quarrel, and perhaps of cynicism as well. The original point
of their complaint was that broadcast.com wasn't turning over to
them as much customer data as it should be doing. Cynicism or no,
the case could still set legal precedent.

TBTF book review: Database Nation

Database Nation The Death of Privacy in the 21st Century
by Simson Garfinkel
O'Reilly, 312 pages with notes, annotated bibliography, & index
($24.95 at [23])
Reviewed by Keith Dawson <dawson at world dot std.com>

This book is important, and it deserves to be big. Simson Garfinkel
has nailed the history, the present circumstances, and the nightmare
future scenarios as the remaining shreds of privacy in American life
circle the drain at the new century's dawn.

You're planning a trip to New York City for Valentine's Day
with your sweetheart. You call up your travel agent to make a
reservation, then go out for lunch. When you return, you
discover that your email inbox is filled. There are more than
5,000 restaurants in the Big Apple, and a third of them have
sent you electronic coupons...

You pick up your phone. You want to call your travel agent and
yell at her for selling your name. But... instead of hearing
a dial tone you find yourself speaking with a representative
for United Airlines. Your travel agent [had] ticketed you on
American...

You're 10 minutes late for a meeting. As you get up, your
phone rings again. The Caller ID box says that it's from your
sweetie, so you take the call. Surprise! This time the call is
from a local travel agent (who has programmed her telephone
switch to give out fake information on the Caller ID)...

A few days later, you find yourself besieged with mail-order
catalogs. Companies selling everything from "New York style
suits" to chemical Mace are trying to get your attention...

When your tickets show up, you discover an advertisement for a
prescription drug (one you've researched because you've been
thinking about taking it) printed on your boarding pass. Even
on the plane, you look at one of those "air phones" on the
back of the seat in front of you and notice that it's
displaying a tiny personalized advertisement for a jewelry store in
Times Square...

When you finally get home a week later, you discover that your
home has been burglarized.

Like good dystopian science fiction, Database Nation bids not to
predict a future but to prevent one. Garfinkel is longer on
description than on prescription for the problem of privacy under
attack. Many of the remedies he sketches suggest government
intervention to wrest back some control of private information for the
individual. This emphasis on government action will be the most
controversial aspect of Database Nation, spurring automatic
resistence in overlapping circles of Net culture from the
libertarian to the privacy-aware. But the fact is that in the privacy
arena, Big Brother may not be the biggest threat -- it's
thousands of Little Brothers, private actors in a capitalist
free-for-all.

Database Nation's dust jacket sports a killer array of blurbs from a
who's-who of privacy advocates: Ralph Nader, Marc Rotenberg, Peter
Neumann, Sen. Edward Markey. I hope they convince the people who
need to read this book to buy it -- that majority of the population
in this consumer society who see nothing wrong with selling their
most private data for a $5 coupon.

If you're a regular reader of TBTF, RISKS, the PRIVACY Forum, or the
newsletters of EPIC or the EFF, you probably don't need to read
DataBase Nation. But I hope you will; you'll learn more than you might
imagine, I guarantee it. When you're done, loan the book to a friend
who needs to get a clue about privacy. If it comes back, loan it
again.

Note -- if you buy this book at
[23]
you'll be helping to support TBTF through Amazon's associates program.

Suppose the government suspects you of a crime. They obtain a search
warrant, raid your home, and seize your computers. Some of the
information stored there is encrypted under a key known only to you.
You need that material for your defense. The prosecution is required
to give it to you. Right?

Upon request of a defendant the government must disclose to
the defendant and make available for inspection, copying, or
photographing: any relevant written or recorded statements
made by the defendant, or copies thereof, within the
possession, custody, or control of the government...

Seems pretty straightforward. But a year-old ruling in the case of
Kevin Mitnick, the just-released computer hacker, questions the
defendant's right to seized encrypted material [25]. The prosecution
argued that since they couldn't read the files, the files weren't
really in their possession. Further, they said, the files might
contain spoils of the defendant's depredations or even dangerous
information: "For all we know, it could be plans to take down a
computer system." The judge bought these arguments, and any
immediate chance to appeal the ruling was forfeited in Mitnick's plea
bargain.

This question will certainly come up again in the courts, as a
tangent off of a larger question to which I've not seen a good answer:
can you be compelled to reveal your secret key in a court
proceeding?

PA New Media has been garnering pots of attention since news leaked
[26] about their development of a virtual newscaster --
a synanchor.
(I just made that word up -- like it? "Syncaster" sounds too much
like a Biblical admonition.) The developers have named their
creation Ananova and have reserved the three obvious domain names
[27]. Ananova has been under development for 10 months and is not
yet ready to serve the public; PA New Media gives no target date.
The Ananova character is animated in real-time to read out
bulletins from a 24-hour newsfeed. She won't get tired, take time off
for illness, or demand a raise. The company notes that
correspondents in the TV news business have informed them that some
flesh-and-blood newsreaders are waxing nervous.

PA New Media invited UK journalist Mike Butcher to a demo of the
pre-release Ananova. He reports [28] that seeing her is

a little like seeing RealVideo for the first time: the
movement and the voice is jerky. Remember Max Headroom in the
1980s? But when you realise this is being created on the
fly you begin to see the potential.

A current-awareness service aimed straight at the heart
of TBTF's concerns

Don't think of it as competition. Richard Swetenham is a longtime
TBTF reader and benefactor [29] who runs QuickLinks [30], a Web log
for breaking news on many of the subjects that you read about here.
Here's the QuickLinks masthead:

Swetenham works for the European Commission in a position he
describes as "Mr. Internet Porn." The QuickLinks blog is "half way
between work and a hobby," he says, and springs from his "natural
desire to be inquisitive about fields which in our set-up are
strictly speaking someone else's concern."

QuickLinks is admirably organized to delight the dedicated
infosurfer. Using Blogger [31], Swetenham adds around half a dozen items
per day to the blog, each a one- or two-sentence article summary
and a link. Once per week he emails the collected items to
subscribers, in text or HTML format. Links in the email take you to
the item on a standalone page, with a further link to the source
article. Each item page also links its parent category, an instant
topical table of contents. The blog is fully indexed and searchable.

The site includes this quite useful page [32] of upcoming conferences,
seminars, and other events worldwide.

To subscribe to QuickLinks by email, fill out the form at [30] or
send an empty message to one of

High-quality links and readable summaries, all watched over by
machines of loving grace

Two graduate students from Carnegie Mellon University have put
together algorithms and tools for automatically building high-quality
directories of Web content. Digger Chen and Ying Li run a
demonstration site at www.hubat.com [33]. Their "beta" directory contains 3.5M
pages and 800 categories and is growing all the time. It looks and
acts rather like the Yahoo or Open Directory databases; the quality
and relevance of the links are high and the text summaries are
cogent. But unlike the human-intensive directories, the Hubat
directory was built entirely automatically.

Chen and Yi seeded the process with a directory outline and one
sample site for each leaf node. Their spider, based on an algorithm
they call SPARKLE, crawls the Web politely (honoring robots.txt) and
brings back high-quality results. SPARKLE automatically summarizes
the returned Web pages using a technique based on collaborative
annotation, the authors say. In my exploration of Hubat.com I've
often found it hard to believe these summaries were not written by
humans.

The site does not rely on a Google-style page ranking scheme, but
still manages somehow to return the most relevant pages as the top
search results.

Hubat.com has been up since 10 November (the TBTF Log provided its
first publicity [34]). Chen and Yi are looking for seed funding to
continue developing their automatic directory technologies. Read
their FAQ [35] and get in touch at info@hubat.com if you can be of
assistance.

Before Christmas the journal Science ran a quick report from Jeffrey
Roberts and Christopher Cramer, chemists at the University of
Minnesota. The researchers had used a local supercomputer to calculate
whether or not two atoms of yttrium (periodic chart symbol Y) could
stably combine with one atom of potassium (K) [36]. The answer is
affirmative. The scientists considered analyzing two other
yttrium-containing compounds, YOY (two yttriums, one oxygen)
and YNOT
(yttrium, nitrogen, oxygen, and tritium -- sort of cheating, that).
"We could have studied Y3K too, but we thought we could put it off,"
they said.

If anyone ever produces solid Y2K, be assured it will pose no danger
to your computer. Unless you've spilled coffee on the keyboard --
potassium reacts violently with water, you see.

The AIP's Physics News Update carried this provocatively titled
research note [37]. It seems that when snowflakes hit water, the
resulting capillary action can create bubbles vibrating at up to 200
kHz. You couldn't hear the screeching, but a dolphin could. It's not
unknown for researchers to shut down sonar surveys of salmon
populations during snowfall because of the noise.

Download Noodle [38]
(for Mac or Windows, > 4 MB) if you have the
slightest interest in user-interface design, music, or computer
games. It's a little bit of each. Noodle is a free gizmo for making
music on a computer. The interface is so slick and inventive you'll
find yourself emailing the link [38] to three or four friends, as
Mark Dionne <mdionne at mediaone dot net> did for me. (Personally,
I just had to pass it on to 11,849 of you [39].)

This addictive app is not new news: Noodle came out 10 months ago.
Lance Arthur's glassdog spotted it last July [40]. One of Noodle's
creators presented it at the Navigating Intelligence summit last
fall in Banff [41]. Noodle has been making the rounds again after a
Memepool [42] cite last month.

Notes

Remember the Internet Freedom Journalism Awards, a competition
announced in the previous issue of TBTF [45]? Well, the judges voted,
the winners were announced, and... how do I put this modestly? I'm
one of them [46]. The awards are:

Internet Investigation of the Year. For a news story or feature
revealing attempts to regulate the Net.

I've started a new mailing list, tbtf-log@tbtf.com, for those who
want to receive a consolidated email message on Sunday evenings
containing all the TBTF Log entries for the week preceding. (No,
Richard Swetenham's QuickLinks didn't shame me into it, I just
finally got organized.) To subscribe, send the message subscribe
(the title doesn't matter) to
tbtf-log-request@tbtf.com;
or fill out the brief form at
[47].